How secure is my mac?

[SpaceGirlM]

Hello,

I just have a question about how secure my mac is..

I use ethernet to connect to the internet with the DHCP configurations. My firewall is turned on and my sharing options off.

But I also have NetBarrier. The firewall option for this was set on:

Client, Local Server

Having it set up like this, do you know if someone could access my mac?

Thanks.

 

[MTI]

If there's someone "out there" determined to get access, then they likely will.

Another feature that you can switch is to have the router not respond to any "ping" requests.

Perhaps the biggest security threat to our computers is actually physical access rather than electronic. When another person can put their fingers on your keyboard, it's literally seconds before they can bypass passwords and access data unless data encryption has been activated.

 

[yellow]

Having it set up like this, do you know if someone could access my mac?

This is an extremely loaded question. There's a bajillion pieces to the "security" puzzle.
Answer these questions:

1) having 2 firewalls running is probably a needless waste of CPU cyles.
2) is this computer at home? Behind a router that undoubtedly has NAT? Then having a software firewall (nevermind 2) running is overkill.
3) is it up to date with patches?
4) do you have a good, strong password? Do you change it at regular intervals?
5) do you use autologin?
6) do you allow shoulder surfers or social engineers to view you at your Mac?
7) do you spend time websurfing on or downloading questionable materials from questionable sources?


Good practices will keep 99% of people "out" of your Mac, same with Windows.

 

[SpaceGirlM]

2) is this computer at home? Behind a router that undoubtedly has NAT? Then having a software firewall (nevermind 2) running is overkill.

Yes, the computer is at hom.. No it is not behind a router as far as I know.

3) is it up to date with patches?

I don't know, how can I tell if it is..?

4) do you have a good, strong password? Do you change it at regular intervals?

Password for what??

5) do you use autologin?

What is autologin?

6) do you allow shoulder surfers or social engineers to view you at your Mac?

No.

7) do you spend time websurfing on or downloading questionable materials from questionable sources?

Yes I use the internet for websurfing but nothing else.


Could someone see/access my files on my local server if I have the firewall option set to "client, local server" but my sharing options off..

Is there a way to test how secure my mac is?

 

[uberamd]

Do a port scan from the outside. Thats a start. Google online port scanner, type in your external IP, and see what ports are open.

 

[yellow]

2) is this computer at home? Behind a router that undoubtedly has NAT? Then having a software firewall (nevermind 2) running is overkill.

Yes, the computer is at hom.. No it is not behind a router as far as I know.

What do you plug into for network? Still, 2 firewalls is a total waste of CPU cycles.

3) is it up to date with patches?

I don't know, how can I tell if it is..?

Apple menu -> Software Update

4) do you have a good, strong password? Do you change it at regular intervals?

Password for what??

For logging into your Mac. Your admin password?

5) do you use autologin?

What is autologin?

When you restart your Mac, does it log directly into your user? Or do you have to choose a user and enter a password (I'm guessing not)

Could someone see/access my files on my local server if I have the firewall option set to "client, local server" but my sharing options off..

Is there a way to test how secure my mac is?

You have a local server? I expect "local server" means computers on your subnet are allowed to connect to whatever services are running on your computer. If file sharing is off, then people cannot see your files via file sharing. But security typically isn't measured by file sharing on/off.


In my opinion, NO your Mac is not very secure because you're not following basic security practices.

 

[Jethryn Freyman]

2)Yes, the computer is at hom.. No it is not behind a router as far as I know.

The application firewall in system preferences is weak, if you really want security, download WaterRoof and use it to configure IPFW (the other built in firewall, which is hidden and disabled by default.)

4) do you have a good, strong password? Do you change it at regular intervals?

Unless you're using filevault, don't bother with a super strong login password. All someone has to do is stick a linux CD into your computer and they can read all your files, or start your computer in Firewire target mode, or remove your hard drive.

Is there a way to test how secure my mac is?

Download Nessus and run a scan against your computer (IP address you'll need to use is 127.0.0.1)

http://www.nessus.org/nessus/

It's used to detect vulnerabilities that could be used to attack your computer remotely.

 

[yellow]

The application firewall in system preferences is weak, if you really want security, download WaterRoof and use it to configure IPFW (the other built in firewall, which is hidden and disabled by default.)

I'm not sure I'd call it weak. But I totally agree with WaterRoof, it make configuring ipfw2 much easier. But I suspect the complication might be over the OP's head in that case. Besides, she's already using NetBarrier which should suffice for her purposes.

Unless you're using filevault, don't bother with a super strong login password. All someone has to do is stick a linux CD into your computer and they can read all your files, or start your computer in Firewire target mode, or remove your hard drive.

While this is true, you're advocating a weak password? Physical access to the computer is a much less likely situation than remote attack. So advocating a weak password is a bad idea.

Download Nessus and run a scan against your computer (IP address you'll need to use is 127.0.0.1)

http://www.nessus.org/nessus/

It's used to detect vulnerabilities that could be used to attack your computer remotely.

Given the level of the OP's understanding, I suspect this might be overkill, particularly since she is undoubtedly behind a router and hardware NAT of some sort. A local server, then running a local client would mean any scan would be of the local machine only and not really be indicative of possible attack vectors from beyond her router/subnet. Additionally, I'm not sure she'd know what to make of the report.

I think it's better to start out with the basics and build from there. Good password, unnecessary services off, machine patched, informed internet use.

 

[Consultant]

Over kill. OSX is not the insecure windows.

 

[Jethryn Freyman]

While this is true, you're advocating a weak password? Physical access to the computer is a much less likely situation than remote attack. So advocating a weak password is a bad idea..

Not a a weak one, but a 20 character password is not needed, unless you're going to use Filevault.

 

[yellow]

Not a a weak one, but a 20 character password is not needed, unless you're going to use Filevault.

Well I never said one needed a 20 character password, however one

a) should have a password
b) it should be strong and at least 8 characters
c) change said password at least every 180 days

Not knowing your admin password, having a blank admin password, or some pathetic excuse for a password is really a poor idea if you're at all interested in how secure your Mac is.